Font rendering is a matter of taste. However, I personally think Ubuntu's default font rendering is the most eye-pleasing one of the whole Linux eco-system. And if a website's CSS font stack is looking good on Ubuntu, you can be relatively sure that it also works for Mac or MS Windows as long as the used fonts are available on these platforms. It is not hard to get the same font rendering on Fedora. This text is just a bit longer than a few commands because I try to provide additional background information and useful web-search-keywords which you may need if you have other targets than a 100% Ubuntu-like rendering.

The basics

To achieve the desired result, you have to know which parameters exist and how to change them. The most important things are:

As you can see, Ubuntu is using RGB anti-aliasing with subpixel rendering (lcd-default means “subpixel (LCD)” method) and slight font hinting. Now compare this with the default values on Fedora 15 Lovelock:

This shows that Fedora does use grayscale anti-aliasing, a stronger font hinting style and no subpixel rendering by default. This is the reason why the same fonts look different on Fedora and Ubuntu.

What to do

Install the freetype-freeworld package. You need subpixel rendering the achieve the same results as on Ubuntu. The FreeType rendering engine shipped by default comes without it but you can install the freetype-freeworld package out of the RMPfusion-free repository to get a version with subpixel rendering. If not already happend, enable RPM Fusion on your system. Open a terminal and install the freetype-freeworld package:

su -c "yum install freetype-freeworld"

You should know that subpixel rendering is patented and therefore not completely free (as in speech). Using this package might not be legal in your country. The choice is yours and it is your legal responsibility to make sure that the software you are installing can be legally used.

Adjust the hinting style and enable RGB anti-aliasing. Ubuntu it using hintslight hinting by default, Fedora comes with hintmedium. Additionally, we need RGB instead of grayscale anti-aliasing. Open a terminal and execute the following commands to set the anti-aliasing and hinting style:

Activate the lcddefault lcdfilter. Unfortunately, there is no GSettings key for it (at least as I'm writing this), therefore you have to create a hidden .Xresource file with the Xft.lcdfilter: lcddefault setting in your home directory. Open a terminal and execute the following command to do so:

echo "Xft.lcdfilter: lcddefault" > ~/.Xresources

Some settings need a restart to take effect, so reboot your system. If everything worked you should get the following xrdb -query output (the output order does not matter if the values are the same):

Additional notes

You may find the gnome-tweak-tool interesting. E.g. it provides an option to switch the window-title-bar font. Use the following command to install it:

su -c "yum install gnome-tweak-tool"

I used the command line tool gsettings to adjust the GSettings key values above. If you want to influence and explore available keys by using a GUI, have a look at the dconf-editor. Use the following command to install it:

su -c "yum install dconf-editor"

You may want to use the Ubuntu fonts, too. They are not included in the main repositories right now,1) therefore I wrote the install-ubuntufonts-fedora.sh bash script to make the font installation faster and easier. There is a high probability that this script will never be useful to someone else than myself. But you never know. If you want to use it, open a terminal and run the following commands to download and execute it (copy and paste recommended):

If you want to go any further, you should know some things about the fontconfig system. First of all, it is controlled by *.conf files. Fedora is looking for them at the /etc/fonts/conf.d/ directory and they get imported in alphabetical order.2) Please note that every file in this directory should be a symlink pointing to a real config file located in /etc/fonts/conf.avail/. This makes it possible to deactivate settings by deleting the symlink in /etc/fonts/conf.d/ without loosing the corresponding config file in /etc/fonts/conf.avail/. It is also recommended to follow the rule “one setting, one file”. This makes sure you always know which files configures what.
All settings at /etc/fonts/conf.d/ are affecting all user accounts and therefore you need root privileges to create or edit the files. If you want to influence only a specific user account, it is also possible to place files in the user's ~/.fontconfig/ directory (simply create it if it is not already existing).

I assume that your display is using RGB pixels (the subpixel layout test page can help you to verify this). If your monitor is using BGR, V-RGB, or V-BGR pixels, you might want to use another anti-aliasing setting than rgba.

When Fedora 15 Lovelock was just a few days old, the generally known commands to build an appropriate package did not work.3) Therefore (and because I think it is a bit extreme to create a package just to get some fonts), I wrote install-msttcorefonts-fedora.sh to make the font installation faster and easier. There is a high probability that this script will never be useful to someone else than myself. But you never know. If you want to use it:

Open a terminal.

Run the following commands to download and start the script (copy and paste recommended):

SSH provides the possibility to use Public Keys to log in to a target system (which is very likely more secure than a password). To make this possible:

The user has to create a Public/Private Key pair

The user's Public Key(s) has/have to be stored on the target system running the SSH Server (normally within ~/.ssh/authorized_keys)

The server's Public Key has to be stored on the local system running the SSH Client (normally within ~/.ssh/known_hosts)

Some popular services like GitHub do not even provide a password based authentication for data exchange, forcing you to use a SSH Public Key. Same for the Fedora Account System (FAS) where I created an account recently.

On a common Linux system, all needed SSH client tools should be installed by default. If not (e.g. because they were removed), simply install the openssh-clients package on Fedora or the openssh-client package on Debian/Ubuntu. After installation, the SSH tool for authentication, key generation, management and conversion is available via terminal: ssh-keygen

Creating a Public/Private Key pair

As already said, ssh-keygen is the tool for creating a key pair. It brings a lot of options, I'm going into detail on the most important ones:4)

-b <bits>:
From the manpage: “Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits[…]”.

-t <type>:
Specifies the type of key to create. The cryptographic algorithm to use will selected through specifying this parameter. For SSH2, you can choose between “rsa” and “dsa”.5)

-C "<comment>":
Provides a comment for the key. The comment is used as “name” for the key in most applications. If not given, username@host will be set by default. You can change the comment later without any problems.

Using a 2048bit long RSA key is a good choice for most use-cases. 1024bit RSA is no longer regarded as indisputably secure, 4096bit RSA is for paranoid person like me. Please make sure you set a passphrase to protect your key. Otherwise everyone who may gets access to it (e.g. because someone steals your laptop and copies the keyfile) is able to get instant access to all systems you used the key for logging in. In contrast, you should have enough time to change the keys on all affected system without any danger if you used a good passphrase for a leaked private key. Additionally, it is no problem to use multiple SSH keys. So if you need a SSH key without password (e.g. for a quickly hacked backup script), create a separate key for this special task but do not use it for logging in to important systems.

Before you start: If you do not answer the question “Enter file in which to save the key” properly, you possibly overwrite an already existing key pair (if any). So take care which filename you are using for storage. The defaults are id_rsa and id_dsa (depending on the used algorithm). You have been warned!

As you can see, the key will be stored into ~/.ssh/id_rsa by default. To choose another file, you have to provide the complete path (→ ~/ normally does not work to point to your home dir). I use the non-default path /home/user/.ssh/mykey in this example.

You should store all SSH keys into the default directory ~/.ssh (no matter which filenames you are using for them). Otherwise, many tools and programs are not able to locate your SSH keys by default, leading to more configuration issues. None the less, it is possible to store your keys in another directory than the default one. ssh-add /path/to/your_key is your friend.

Close ssh if the session is not responding anymore: The command ~. closes the ssh client program if the server hangs (e.g. because it was unexpectedly shut down or your internet connection is not stable).

Copy the Public Key(s) to a remote system:ssh-copy-id helps you to copy your SSH Public Key into the ~/.ssh/authorized_keys file of the remote system and/or copy the remote system's public key into your local ~/.ssh/known_hosts file. Usage:

ssh-copy-id -i "~/.ssh/mykey.pub" remote-user@remote.example.com

Change the passphrase of a SSH key:ssh-keygen is also the tool of choice to change a key's password. The -f parameter specifies the private key file you want to change. The -p parameter tells the program that you want to change the password of an existing key, preventing the generation of a new one:

ssh-keygen -f /path/to/your_key -p

Change the comment of a SSH key:ssh-keygen is also the tool of choice to change a key's comment. The -f parameter specifies the private key file you want to change. The -c parameter tells the program that you want to change the comment of an existing key, preventing the generation of a new one:

This article provides a step-by-step guide on how to install an Ubuntu Linux system with full disk encryption (new installation). However, you should take a relaxed day as topical newbie for further reading. You don't have to keep everything in mind but it is never an error to acquaint oneself with something new.

The Network Time Protocol (NTP) is a protocol for synchronising the clocks of computers over TCP/IP networks. I don't go into detail here,6) but NTP is helpful if you need a really7) exact system time (e.g. on special Database servers) or just to get a correct clock setting on your common desktop. There are two ways to use NTP to set your system's clock:

Using DokuWiki is fun. It gives you all you need to manage different types of content like common text, quotes, files, data tables and source code. It displays your content in a proper way, including typography replacements and many other features (see Syntax for some examples). It is especially perfect to write about IT where console output or code snippets matter. You can even include RSS feeds and create galleries with a single line of text. Additionally, DokuWiki is very easy to administrate and maintain (this is my personal killer feature). Installing updates is damn simple (in principle, you just have to copy the new files over the old ones). And you can do backups by downloading everything from your webserver. No database dumps and stuff needed. Because plain text files are used as storage, you can even access the raw data offline with a simple text editor.8) So why not using DokuWiki as easy maintainable blog? Exactly!

There are two common ways to create a DokuWiki based weblog. The traditional one, using the Blog plugin in combination with a bunch of others.9) And the new BlogTNG plugin which is meant as successor of the Blog plugin and already contains components like comments and tags. The following text is about creating a cool WikiBlog with BlogTNG.

which is perfect e.g. if you screwed your webserver and documented its configuration in the wiki running on it. Just open the last backup and access the text files you need in the pages subdir of DokuWiki's data directory

Creating templates for most web applications is not really a hard task. But if you plan to share your work with the public you face a little problem every now and then, namely when there's a new version of the application available: you have to track down what has changed since the last release to be able to update your template accordingly. Sure, not everyone has the time to follow the development of an application close enough to notice every small change which affects his work. IMHO that could be the cause why some of the available DokuWiki templates are a little outdated and likely not 100% compatible with the latest release. However, I would like to show a way to take advantage of DokuWiki's stylesheet handling and to keep the effort needed to keep such a template up-to-date at a minimum (we're all lazy people, right ).

Creating a new template

The easiest way to create a new template is the Starter template by Anika Henke.10) Just download and extract it. Rename the folder, place it below <dokuwiki>/lib/tpl/templates and select it in the DokuWiki configuration manager.

The idea: taking advantage of DokuWiki's CSS handling

DokuWiki provides an advanced CSS handling system which uses a PHP .ini file named style.ini, which is part of the template. It is used to determine which files are getting loaded for a certain display mode. So lets have a look at the style.ini provided by the Starter template. Right now we're interested in the first section of the file:

The above describes which .css file gets loaded for a certain display mode. “screen” is the normal display mode when you watch the page in a browser, “rtl” is loaded for right-to-left languages, and “print” obviously when you like to print a wiki page.11) For more information regarding the loading order of stylesheets refer to the docs.

So here is the key part:

We're not gonna edit any of the .css files we copied over from the Starter template!

We just add our own .css files for each mode at <dokuwiki>/lib/tpl/template/<mytemplate>/css instead and modify the style.ini so they get loaded after the original ones:

Instead of editing any of the .css files we copied over from the Starter template we add our CSS rules to the files we just created and make use of a key CSS feature: the so-called cascade.12) Expressed in simplified terms, CSS rules simply override previous rules affecting the same element.13) And in some cases where the specificity of your rule is not enough, you may use !important14) or an own class to solve such problems.

So we just override any Starter template CSS rule we like to change in our own mytemplate_screen.css, mytemplate_rtl.css and mytemplate_print.css. Developing a stylesheet this way is a little bit more advanced than if you just edit the existing .css files. But it has an advantage as you'll see later. Additionally, you may noticed that I removed some original Starter template files which are not starting with an underscore (basic.css, structure.css, design.css, content.css and includes.css). The reason for this is simple: only the files starting with an underscore plus rtl.css and print.css are the important core styles, the rest is supposed to be adjusted. Therefore use them as starting point for your own mytemplate_screen.css.

Another thing you may like to consider while modifying DokuWiki's CSS is that it is best to access the elements the same way as done in the Starter template CSS files and prepend most ids or classes with .dokuwiki. And have a look at the color placeholders. If you happen to edit the main.php of your template to add or edit something you shouldn't remove the <div class="dokuwiki"> as it will break the whole stylesheet!

To get a clue about which rules to overwrite, it may help you to look at the CSS files of my templates prsnl10 and mnml-blog:

As you may have noticed, this approach has one drawback. The size of the final stylesheet delivered to the browser will be bigger than if you just edit the existing .css files. This should be around ~2kB till 15kB (uncompressed), depending on the things you are changing. Since the whole CSS gets compressed and is usually delivered only once and then cached I don't think it's that much of a problem.15) And it is not “unclean” or something like that because the Wiki's data is not affected and a template is not triggering any dependencies for your data in general.

Keeping It Up-To-Date

If you follow the approach given above, keeping your template up-to-date after a new DokuWiki release is a task that can be done very quickly! The only thing you have to do is to run a diff against all .css files you copied from the Starter template against the original ones (or have a look at the Commits, e.g. if you are not familiar with tools like diff). Checking the Starter template changelog is also a good idea. If there have been changes, just copy the changed .css files of the Starter template to your template folder overriding the old ones, and, only if needed, add some extra rules to your custom .css files to adjust everything to your needs. The best place to check if everything is OK is the syntax page included in every DokuWiki release.16) It is also recommendable to have a look at the .php files provided by the Starter template to determine if there are any changes needed for new features. The official Developers Changelog may help you to support new features, too.

Some additional notes

That's it! At least this approach works pretty well for me . Of course this only covers CSS issues but it assures that things don't get totally messed up. If you've added new functionality to a template you surely have to put more time into testing/debuging things. But if you create a different look for DokuWiki and like to share it, this is one way to keep things easy over time. Keeping things maintained is normally much harder than creating something new, therefore the additional work when starting a new template should pay off quickly. The approach is even powerful enough to make things like vector17) or this blog's template mnml-blog possible without getting to much trouble when a new DokuWiki version was released.

In the past, the best way to start an own template was to copy DokuWiki's default template. The reason is simple: there was no such useful thing as the Starter template. Therefore all of my existing templates were based on the default template CSS. But things changed a bit. First of all, DokuWiki will get a new default template called “dokuwiki” in the near future. Therefore I asked on the mailing list if it is better to use the “Starter” template CSS or wait for the new “dokuwiki” template CSS as technical base for the development approach described in this text. And the answer is clear: use the Starter template as the new default template is based on Starter, too. Therefore I switched all of my templates over from the old default template CSS to the Starter template CSS as technical base.18) I'm sure a comparable situation won't happen again. Relying on the default template simply was less future-proof than relying on the now existing Starter template which is just existing to make template developing easier.

This post is based on a text created by Michael Klier. He decided to shut down his blog. The unmodified text was originally posted on August, 16th 2007 and is licensed under the Creative Commons BY-NC-SA License and accordingly this text also is. I just took his post and changed the needed things to fit the facts of 2011.

Tip: open two tabs in Firefox (one for the old, one for the new version) and use Ctrl+Page↑ / Ctrl+Page↓ to quickly switch between them for a comparison. Use the headline navigation (e.g. :wiki:syntax#tables) to jump to the exactly same point in both versions.

I'm using a separate19) email address for my Android 2.2 based mobile phone. This makes it possible for close friends and my family to write me when I'm on the road. For free and without the need for crappy SMS phone GUIs. Additionally, it is very handy to mail yourself a grocery list or a quick note before leaving the house. However: All unencrypted20) mails for your phone are clear for the telco provider and others to see. But there are comfortable applications to change this.

Generate a new key pair for your phone. IMHO, it is a bad idea to place your main private key on an unencrypted mobile device. The risk of theft/loosing it is too high. I created the new key pair on my PC (even it would be possible on Android) because I prefer some kind of key hierarchy and a keyboard makes the creation more comfortable. Additionally, it is not a bad idea to have a backup copy of the new key on your PC.

If you don't like the terminal, use Enigmail or another GPG GUI for the export. It is also a good idea to export the public keys of the persons you want to write encrypted mails from your phone. Even APG provides the possibility to use keyservers, it makes no fun to search and import dozens of keys using that way.

Copy the .asc files on your phone (e.g. via USB), the location does not matter (you can delete these files after the import was done).

On your phone:

Open APG→click Menu button→“Manage Public Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file containing your public key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.

Open APG→click Menu button→“Manage Private Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file to containing your private key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.

Open K-9-Mail→click Menu button→“More”→“Accounts”. The sceen changes→Click and hold on your account→“Advanced”→Cryptography→Select “APG” as the OpenPGP Provider. And check “Auto-sign” if it makes sense for you.

That's all. But you should know that K-9 Mail brings no support for PGP/MIME right now. This means you have to tell your friends to write Inline-PGP encoded mails, not PGP/MIME mails. But this should be default in most environments. If not: Enigmail provides a non-global select box for this setting at the “Per-Recipient Rules” menu.

You know the problem: tons of add-ons are bloating your Firefox. Including slower rendering speed and start-up. This is especially true if you are a web developer because there are many useful but heavy extensions you never need if you are not working on a project. Different profiles and starters/shortcuts may help you out. It works for me21) and I'm sharing my approach here (maybe it is useful for someone else).

Writing Bash scripts is fundamental to automate and understand many tasks on common Unix-like environments. If you are new to Bash (or even Unix-like systems) you'll have it a lot easier if you take a weekend to learn some fundamental principles before starting to script your stuff. No matter how experienced you are in programming, everything you'll find regarding Bash is much easier to follow and understand if you know some things before.

High quality online readings

The official GNU bash manual – Reference work. If you are generally familiar with Bash/*ix or simply search for a specific thing: look at the manual. Nearly everything should be documented there.

Things you should understand before you write serious scripts

To make it much easier for yourself, make sure you understand22) the following (the resources mentioned above will help you):

Streams and redirection
Standard Input (stdin, 0), Standard Output (stdout, 1) and Standard Error (stderr, 2). It is really fundamental to understand the stream concept. How streams are working. And how to manipulate, redirect and merge them. This is particularly important before writing much code or libraries. Otherwise you may have to change many things over and over again to make your scripts are interacting smoothly with the system (→ error logging etc.).
Example of things you should be able to do blindfolded:

merge foobar's stderr (2) into foobar's stdout (1):

foobar 2>&1

If you redirect foobar's stdout (1) into a file now, all error messages will also be written into the file because stderr (2) is merged into stdout (1):

foobar > ~./logfile.log 2>&1

If you understand the two steps above, it is clear what the following does:

echo "message" 1>&2

Explanation: echo prints something to stdout (1). 1>&2 merges stdout into stderr. Therefore “message” will be printed as error to stderr(2) instead of creating simple standard output – this is the way to go if you want to print a simple error message. You also need redirections if you want to use sudo.

Exit codes
This is particularly important before writing much code to make sure your scripts are interacting smoothly with other applications.

Pipes and Filters

Subshells and the so called Subshell Problematic

Background processes
E.g. how to start them (→ &).

Globbing and the Internal Field Separator (IFS)
Make sure you be able to change and restore the IFS. And know how to use find and why you need it.

Regular Expressions and useful tools
The sed, cut, grep and find commands are available on nearly every system and are very helpful when you need to edit, find, manipulate or create files and data.

Connecting to university VPNs is always… fun. This is also true for the KIT VPN, especially because there is so much outdated information out there. E.g. there is no more Cisco compatible endpoint23) but tons of vpnc tutorials! You have to use the Juniper Networks software jnc now.

Installation

However… it worked after all. The IT guys were friendly enough to put helpful information at the online help. But to make it even easier, here are a my hints to get the KIT University Karlsruhe VPN connection running:

Make sure you got a working Java RE. I used sun-java6-jre, therefore I don't know if it runs with OpenJDK.

If you are running a 64bit Ubuntu,24) you need some 32bit wrapper libraries for jnc:

sudo apt-get install libc6-i386 lib32z1 lib32nss-mdns

Open a terminal, download and untar the jnc archive the KIT VPN help provides for Linux: